1087 matches found
CVE-2019-25764
UNSUPPORTED WHEN ASSIGNED Exposed IOCTL with Insufficient Access Control in the ASUS AURA SYNC driver allows a local user to bypass the driver's verification and invoke arbitrary IOCTLs, resulting in privilege escalation. Refer to the 'End-of-Life Notice and Driver Update for Legacy ASUS Drivers ...
CVE-2019-25764
CVE-2019-25764 concerns the ASUS AURA SYNC driver, where an exposed IOCTL with insufficient access control enables a local user to bypass verification and invoke arbitrary IOCTLs, leading to privilege escalation. The available connected documents confirm the affected component as the ASUS AURA SY...
CVE-2026-50502
Insufficient granularity of access control in Windows Event Logging Service allows an authorized attacker to execute code over a network...
CVE-2026-50405
Insufficient granularity of access control in Windows Filtering Platform WFP allows an authorized attacker to elevate privileges locally...
CVE-2026-55006
Insufficient granularity of access control in Microsoft Exchange Server allows an authorized attacker to elevate privileges locally...
CVE-2026-48581
Insufficient granularity of access control in Microsoft Surface allows an authorized attacker to elevate privileges locally...
CVE-2026-48581
CVE-2026-48581 affects Microsoft Surface. It describes insufficient granularity of access control enabling a locally authenticated attacker to escalate privileges (Impact: high; CVSS 3.1 base 7.8, AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Connected records show the vulnerability in Surface Broker SDM...
CVE-2026-55006
Microsoft Exchange Server vulnerability CVE-2026-55006: Insufficient granularity of access control enables local privilege escalation for an authorized attacker. Root cause: lack of fine-grained access controls. Impact: high confidentiality, integrity, and availability impact per CVSS 3.1 (AV:L/A...
Microsoft Exchange Server Elevation of Privilege Vulnerability
Insufficient granularity of access control in Microsoft Exchange Server allows an authorized attacker to elevate privileges locally...
Active Directory Federation Services Elevation of Privilege Vulnerability
Insufficient granularity of access control in Active Directory Federation Services AD FS allows an authorized attacker to elevate privileges locally...
Windows Event Logging Service Remote Code Execution Vulnerability
Insufficient granularity of access control in Windows Event Logging Service allows an authorized attacker to execute code over a network...
Microsoft Active Directory Federation Services Insufficient Granularity of Access Control Vulnerability
Microsoft Active Directory Federation Services contains an insufficient granularity of access control vulnerability that allows an authorized attacker to elevate privileges locally...
CVE-2026-55664 Grist: Insufficient access control in the /forms endpoint exposes table metadata
Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, the GET /forms endpoint read table and column metadata without applying the document's access rules and did not check that the requested section was actually a form. A user with only partial read access, includin...
EUVD-2026-39190
Generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORATION and Dynabook Inc. exposes its IOCTL with insufficient access control. A logged-in user with no administrative privilege may access physical memory...
CVE-2026-4027 FlexNet Manager Suite Attachment File Disclosure
A security vulnerability has been identified in FlexNet Manager Suite 2025 R1 and R2 that could allow unauthorized access to attachment files due to insufficient access control...
CVE-2026-4027
CVE-2026-4027 affects FlexNet Manager Suite 2025 R1 and R2, where insufficient access control could allow unauthorized access to attachment files. The vulnerability is described as an access-control weakness that could expose attachments to users without proper privileges. The description and met...
CVE-2026-6737
An Exposed IOCTL with Insufficient Access Control vulnerability in AsusPTPFilter allows a local user to bypass driver security mechanisms and obtain restricted touchpad information or render the touchpad unusable via crafted IOCTL requests.Refer to the ' Security Update for ASUS Precision Touchpa...
Insufficient Granularity of Access Control
Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Insufficient Granularity of Access Control in the getMembers methods that serve the group members endpoint. A...
CVE-2026-10591
Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote unauthenticated actors to execute arbitrary commands via crafted instructions that cause writes to execution-sensitive paths such as .vscode/tasks.json, enabling auto-executio...
EUVD-2021-34843
Insufficient granularity of access control in ASP AMD Secure Processor may allow an attacker with an untrusted user space application to map sensitive SMN System Management Network apertures leading to a potential escalation of privileges...